1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

blackmal worm cleanup (kama sumtra worm, killAV.GR)

Discussion in 'Virus & Other Malware Removal' started by ecomel, Apr 16, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. ecomel

    ecomel Thread Starter

    Joined:
    Dec 23, 2001
    Messages:
    112
    First Name:
    AARON
    I have just removed the blackmal worm from my Vaio laptop using Symantec's worm removal tool but can't reinstall / repair Norton AntiVirus as it came with my Vaio system software and I would have to do a complete wipe-and-reinstall of my hard drive to get it back on again. So I downloaded Anti-Vir which verifies that my system is now virus free but it is still running so SLOWLY that I can't do anything. Menus, taskbar, explorer, loading programs, everything takes 5-10 minutes just to pop up or start. Can I undo this damage ostensibly done by the worm without doing a complete system reinstall ?
    Only one other dumb thing I did was try to run the Norton Rescue disks using floppies made on another PC running Win 98 - when I booted with floppy 1 it warned that the disks were made for another PC and could do damage to my files but I ignored the message and continued as I was so desperate (rescue disks didn't work anyway as they didn't have currentvirus definitions).
    Any suggestions?
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Most systems that use the Recovery type of CD also have a way to reinstall individual programs....are you absolutely sure yours does not have a way to reinstall one selected program?

    Post the exact model of the PC please and I will check on some things.

    Using two active antivirus programs can cause slowness and other performance problems, can you turn off one of the programs from starting when the computer does?

    With Norton programs, a reinstall may not take place if it sees another installed antivirus program> when and if a reinstall can take place, you will need to disable Antivir or, uninstall it, to allow the Norton install.

    Personally, I think I would just remove Norton using their removal tool> I have seen some systems completely crash though in just about your same situation, and a full recovery was needed. (The kind where you lose all files, and are back to factory settings).
    Are there any files you must keep....I'm not talking music, I mean documents or personal files that you cannot replace? If so, I would consider backing them up somehow before you proceed any further. Since you have a laptop, it would be difficult to take your hard drive to another computer and simply copy files....
    If there is nothing important on the system, and you do have a way to do a full recovery, you could try the Norton removal tool that assists when the program is damaged, it removes everything from the Norton Internet Security suite or a standalone version....but we have to know what version of Antivirus or SystemWorks or Internet Security suite we are dealing with.

    I've dealt with the same type of situation, and even uninstalling Norton Internet Security, with the remover, and reinstalling Norton, only worked for about 3 days and the terrible slowness was right back, the only thing that did work was a total full recovery. That was on an HP computer.

    We may be able to see something in a Hijackthis log>

    Click here to download HJTsetup.exe
    • Save the file to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
    • Open a TechSupportGuy forum Reply window for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
    • At the top of your TSG/browser window, hit Edit then Paste
    • You should see your copied Hijackthis log appear in the reply space....then, submit the reply
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    If you are using another computer to post and read posts here, you will of course need to use a floppy or CD or flash USB drive to get Hijackthis over onto the laptop, and copy it back to disk to post here, but at least try.
     
  3. ecomel

    ecomel Thread Starter

    Joined:
    Dec 23, 2001
    Messages:
    112
    First Name:
    AARON
    Yes I'm on another computer now.
    Affected machine is Sony Vaio PCG-FXA10
    the recovery disks only allow full system recovery OR recovery of Drive C only.
    I do have a partitioned disk but the other Drive D on the hard disk only has 5GB of space.
    My computer has the entire company filing system in the Shared Documents folder but it is too big (about 8GB) to copy into Drive D and then recover Drive C. And the machine is running too slow to be able to back up shared docs as zip folders and burn onto CD - would take till Christmas. I did back up the Shared Docs onto CD as zipped files a month ago but this was our last backup and we have done a lot of work since then and I don't want to lose the past month's work.
    It's true I do have both NAV and AntiVIR installed, I only want Anti VIR, I hate NAV it causes so many problems but I did a routine full system recovery only a month ago (first in 3 years since buying the machine) and the recovery disk automatically reinstalled NAV with outdated virus definitions and I think the malware got in before I could replace NAV with a fresh version of AntiVIR again - a window of just a couple of days but that was long enough...

    Symantec website suggests some registry edits to get rid of changes made by the malware, I thought the worm removal tool took care of all that but apparently not so I am going over now to regedit manually.
    Tks for comments...
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi,
    Even though your computer has only the full Recovery option run from the CDs, it may still have a way to reinstall a program, or a driver etc that came as part of the system. The Programs list under Sony may show you how to "Reinstall One Application", or something similar, I have not yet looked up anything on your model but I am going to right now....

    Did a lookup for the model numbers you posted, and it tells me this: ""Please verify your model:
    We were unable to find an exact match for the model you entered.

    Based on your entry it appears that you may have one of the models listed below. Please be aware that information for similar products may not be fully applicable to your model.

    PCGFXA32, PCGFXA33, A35D, A36, A47,48,49....FXA53,59,63....FXA678, 9 , 680, and FXA698.


    http://esupport.sony.com/US/perl/select-system.pl?PRODTYPE=24&NAVDISP=pc

    If you go to the above link, and type in PCG-FXA10, it will show you what I am talking about.


    This happens when there are sub-models....can you look under the notebook and see which you have?

    At the link, they also have a "Detect my model" button that will show you which you have, but in the shape it's in now, that might not work too well!

    Truthfully, I hesitate to reccommend any trying to fix things up right now, until you have somehow saved those business files.
    If the only way is a direct drive to drive copy, then that will have to do, no matter how long it takes. If you cannot, then take the machine to a shop that can. Make sure they are aware of the delicate situation> insist that they verify, gurantee, or satisy you that they absolutely will copy those files. A shop should have an adapter that will hook up a notebook hard drive to a regular type hard drive...by the way, you can buy these adapters yourself and use one to connect the notebook drive to any computer to copy files.
    That can be done in Safe Mode, where the machine may be running a bit more normally and with less interference.
    I would say it would not be advisable to remove Norton right now, but if you are going to, I do wish you the best of luck.

    It may just help if you would post a Hijackthis log....
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/459725

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice